I made a post earlier about my concerns about people assuming hacking is limited mostly to exploiting software. The founder of the Metasploit project himself made it clear at the last Blackhat conference that “hacking is not about exploits. As many professional auditors know, only one or two real exploits may be used during a penetration test.” He mentioned that most of the time you are cracking passwords, exploiting trust relationships, etc…

At that same conference, the opening speaker, Richard Clarke (former chief counter-terrorism adviser to the US National Security Council) seemed to think completely opposite of that perception. He seemed to feel if we could get coders to write more secure software all would be right in the world.

What concerns me is if someone new to security simply downloads a copy of Backtrack and runs autopwn on their network and doesn’t get a shell, now feels his network must be secure. This couldn’t be further from the truth.

There is a site I have started to recommend to those new to security. Most of us know about it, but I am not sure how many have actually gone there and downloaded the live CDs and hacked them. I am referring to the DE-ICE.net live pentest cds.

This is such a great concept and I really support it for training those new to the field. Now I have only downloaded the first 2 and I will say any seasoned hacker can get through them quickly, but what I like is you can’t exploit them to get root with metasploit. You have to think like a hacker.

My understanding is the scenarios were created from “real life” pentests the author of these Cds Tom Wilhelm encountered in the field. The entire concept of live pentest CDs has so much merit. You can easily boot them up and hack away. If you screw things up, just reboot. The very best thing about this project is there is a challenge involved. That has always been the weak part of a home lab. Now I am a big supporter of having a lab and have made a number of posts here about doing that. But the one weak aspect is you already know if it’s vulnerable or not when you set it up. Well, unless you are into exploit research, but most CEHs are not doing that and are simply practicing with their tools. Being great with tools is fine, but it doesn’t teach you how solve puzzles and that’s what hacking is all about. A live pentest CD on the other hand presents a puzzle for you try and figure out. It teaches you how to “think” like a hacker and how to solve puzzles. This is in my opinion the most crucial quality to gain and I really don’t care how well you know all the switches of nmap or you know metasploit top to bottom, etc…

Yes, like anything there are some short coming and live cds are not perfect. They don’t give the feel of a networked environment. However you could rewrite them to be if you wished, but thats not really what they are all about any way. There are not many available so far and of course they are all presented in linux so you wont be hacking server 2003, but once you have the concepts down you could easily apply the concepts to any OS.

If you do decide to take a stab at the CDs , please resist the temptation to looks at the spoilers out there. There are even full video spoilers available, but this would make as much sense as going to an answer page of a crossword puzzle before you even try and filling in all the blanks! I doubt that will make you a better crossword player. Just to say again, the value is not that you are going to learn some new amazing hacking technique, but that you can learn to solve puzzles and think like a hacker.

From what I gather, this is the same attribute that Muts is trying to instill in his course and if you are going after that certification, before you take the test it might benefit you to run through these Cds. I really can only say good things about the concept and I hope one day it will be expanded to include every level of challenge.

I would have to describe the difference in philosophy of HD and the General as one who thinks about design security vs. implementation security. Its kind of a lame analogy, but follow me on this. HD or any other pen tester out there, is primarily involved down in the weeds doing actual red team work. They are the ones exposed to the actual implementation, and constantly see that its not some elite exploit that gets them in, but careless mistakes or just plain dumb implementations. Now consider the same instance from the General's view point. He is a high level guy. His guys tell him everything is patched, so the only way some is breaching his network is via an unknown exploit, as far as he is concerned. So you see the difference between the real world on the front lines, and the high level check-box mentality.

great post, I've played with the De-ICE tools in the past have had some success and fun. From a learning perspective there are few things better than being thrown in at the deep-end to put the theory into practice.

great post and I will have a look at this.Are you aware of any other similar projects?

There used to be similar versions for forensic training, but due to the time required to build an image for testing forensic skills these have almost deminished, but anything like this for training purposes are excellent.

Thanks for the comments everyone. I am hoping when I have a little extra time to create a few live CDs to help contribute to the concept. Certainly one of these should be for forensic analysis as well some others for several levels of penetration difficulty. Hopefully others out there will also be inspired to help this project.

Last edited by Kev on Wed Aug 06, 2008 1:12 pm, edited 1 time in total.

I also saw a new web application testing book (can't remember the title) that contains example web pages that can be used as practice targets. Could be worth a look, it's on my reading list (as soon as I remember the name....)

I'm the guy behind the de-ice.net pentest disks, and wanted to thank you for the well-written post and kudos. It's good to see some people are starting to realize pentesting is so much more than simple vulnerability tests; but obviously there is a lot more work that needs to be done to educate the masses (especially those with a "C" in front of their title or a lot of metal on their shoulders).

I caught that you tried the first two disks, and will agree with you that they can be plowed through pretty quickly by any seasoned pro. However, you should give the lvl 2 disk a shot - quite a bit more difficult. We do have a lvl 3 disk in development, but again it will not include known exploits (serious emphasis on "known"). That should be out right around the holiday season (we all need a distraction around that time of year, especially when in-laws are in town, eh?).

Again, thanks for the kudos, and please don't hesitate to contact me with any suggestions / comments / war stories.

Thanks for reaching out and giving Kev a pat on the back. He does good work and deserves recognition. Please let us know when the next one is ready, and we will be sure to plug it.

Looking forward to seeing more of you on EH-Net?

All the best,Don

Strange that I haven't bumped into this site before - Kev's post hit google, which is how I found it. I'll definitely be around, and will certainly keep everyone up on the latest pentest livecd releases.